Accordion & FAQ Security Vulnerabilities

nessus

FreeBSD : phpmyfaq -- multiple vulnerabilities (cbfc1591-c8c0-11ee-b45a-589cfc0f81b0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cbfc1591-c8c0-11ee-b45a-589cfc0f81b0 advisory. phpMyFAQ team reports: phpMyFAQ doesn't implement sufficient checks to avoid XSS when ...

6.7AI Score

2024-02-15 12:00 AM
7
debian

[SECURITY] [DSA 5624-1] edk2 security update

Debian Security Advisory DSA-5624-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2024 https://www.debian.org/security/faq Package : edk2 CVE ID : CVE-2023-48733 Mate Kukri discovered...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-02-14 08:00 PM
10
debian

[SECURITY] [DSA 5623-1] postgresql-15 security update

Debian Security Advisory DSA-5623-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2024 https://www.debian.org/security/faq Package : postgresql-15 CVE ID : CVE-2024-0985 It was...

8CVSS

7.6AI Score

0.001EPSS

2024-02-14 08:00 PM
6
debian

[SECURITY] [DSA 5622-1] postgresql-13 security update

Debian Security Advisory DSA-5622-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2024 https://www.debian.org/security/faq Package : postgresql-13 CVE ID : CVE-2024-0985 It was...

8CVSS

7.7AI Score

0.001EPSS

2024-02-14 07:59 PM
8
debian

[SECURITY] [DSA 5621-1] bind9 security update

Debian Security Advisory DSA-5621-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2024 https://www.debian.org/security/faq Package : bind9 CVE ID : CVE-2023-4408 CVE-2023-5517...

7.5CVSS

7.5AI Score

0.001EPSS

2024-02-14 07:58 AM
11
debian

[SECURITY] [DSA 5620-1] unbound security update

Debian Security Advisory DSA-5620-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 14, 2024 https://www.debian.org/security/faq Package : unbound CVE ID : CVE-2023-50387 CVE-2023-50868...

7.5CVSS

7.5AI Score

0.0005EPSS

2024-02-14 06:49 AM
9
trellix

RansomHouse am See

RansomHouse am See By Pham Duy Phuc, Max Kersten in collaboration with Noël Keijzer and Michaël Schrijver from Northwave · February 14, 2024 Ransom gangs make big bucks by extorting victims, which sadly isn’t new. Their lucrative business allows them not only to live off the stolen money, but also....

8AI Score

2024-02-14 12:00 AM
6
rapid7blog

Patch Tuesday - February 2024

Microsoft is addressing 73 vulnerabilities this February 2024 Patch Tuesday, including two (actually, three!) zero-day/exploited-in-the-wild vulnerabilities, both of which are already included on the CISA KEV list. Today also brings patches for two critical remote code execution (RCE)...

9.8CVSS

10AI Score

0.643EPSS

2024-02-13 09:26 PM
62
osv

Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can...

7.5AI Score

0.001EPSS

2024-02-13 07:49 PM
11
github

Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can...

7.5AI Score

0.001EPSS

2024-02-13 07:49 PM
13
mskb

Description of the security update for Office 2016: February 13, 2024 (KB5002519)

Description of the security update for Office 2016: February 13, 2024 (KB5002519) Summary This security update resolves a Microsoft Outlook remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-21413. Note: To apply.....

9.7AI Score

0.009EPSS

2024-02-13 08:00 AM
16
mskb

Description of the security update for Skype for Business 2016: February 13, 2024 (KB5002181)

Description of the security update for Skype for Business 2016: February 13, 2024 (KB5002181) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-20673....

8AI Score

0.001EPSS

2024-02-13 08:00 AM
8
mskb

Description of the security update for Office 2016: February 13, 2024 (KB5002467)

Description of the security update for Office 2016: February 13, 2024 (KB5002467) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and...

9.2AI Score

0.009EPSS

2024-02-13 08:00 AM
21
mskb

Description of the security update for Excel 2016: February 13, 2024 (KB5002536)

Description of the security update for Excel 2016: February 13, 2024 (KB5002536) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-20673. Note: To apply...

8AI Score

0.001EPSS

2024-02-13 08:00 AM
10
mskb

Description of the security update for Office 2016: February 13, 2024 (KB5002537)

Description of the security update for Office 2016: February 13, 2024 (KB5002537) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and...

9.2AI Score

0.009EPSS

2024-02-13 08:00 AM
22
mskb

Description of the security update for Office 2016: February 13, 2024 (KB5002522)

Description of the security update for Office 2016: February 13, 2024 (KB5002522) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and...

9.2AI Score

0.009EPSS

2024-02-13 08:00 AM
19
mskb

Description of the security update for Word 2016: February 13, 2024 (KB5002542)

Description of the security update for Word 2016: February 13, 2024 (KB5002542) Summary This security update resolves a Microsoft Word remote code execution vulnerability and Microsoft Office remote code execution vulnerability. To learn more about the vulnerabilities, see the following security...

8AI Score

0.001EPSS

2024-02-13 08:00 AM
21
mskb

Description of the security update for Office 2016: February 13, 2024 (KB5002469)

Description of the security update for Office 2016: February 13, 2024 (KB5002469) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-20673. Note: To apply...

8AI Score

0.001EPSS

2024-02-13 08:00 AM
23
mskb

Description of the security update for PowerPoint 2016: February 13, 2024 (KB5002495)

Description of the security update for PowerPoint 2016: February 13, 2024 (KB5002495) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-20673. Note: To...

7.9AI Score

0.001EPSS

2024-02-13 08:00 AM
5
mskb

Description of the security update for Publisher 2016: February 13, 2024 (KB5002492)

Description of the security update for Publisher 2016: February 13, 2024 (KB5002492) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-20673. Note: To...

8AI Score

0.001EPSS

2024-02-13 08:00 AM
7
mskb

Description of the security update for Visio 2016: February 13, 2024 (KB5002491)

Description of the security update for Visio 2016: February 13, 2024 (KB5002491) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-20673. Note: To apply...

8AI Score

0.001EPSS

2024-02-13 08:00 AM
4
mskb

Description of the security update for Outlook 2016: February 13, 2024 (KB5002543)

Description of the security update for Outlook 2016: February 13, 2024 (KB5002543) Summary This security update resolves a Microsoft Outlook remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-21378. Note: To apply....

8.2AI Score

0.001EPSS

2024-02-13 08:00 AM
24
mskb

KB5034868: Servicing stack update for Windows Server 2012: February 13, 2024

KB5034868: Servicing stack update for Windows Server 2012: February 13, 2024 REMINDER Windows Server 2012 reached end of support (EOS) on October 10, 2023. Extended Security Updates (ESUs) are available for purchase and will continue for three years, renewable on an annual basis, until the final...

6.8AI Score

2024-02-13 12:00 AM
3
malwarebytes

Ransomware review: February 2024

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

7.1AI Score

2024-02-12 07:10 PM
9
debian

[SECURITY] [DSA 5619-1] libgit2 security update

Debian Security Advisory DSA-5619-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 09, 2024 https://www.debian.org/security/faq Package : libgit2 CVE ID : CVE-2024-24577 CVE-2024-24575 Two...

9.8CVSS

7.3AI Score

0.004EPSS

2024-02-09 07:16 PM
8
osv

pqc_kyber KyberSlash: division timings depending on secrets

Various Kyber software libraries in various environments leak secret information into timing, specifically because these libraries include a line of code that divides a secret numerator by a public denominator, the number of CPU cycles for division in various environments varies depending on the...

7AI Score

2024-02-09 04:19 PM
1
github

pqc_kyber KyberSlash: division timings depending on secrets

Various Kyber software libraries in various environments leak secret information into timing, specifically because these libraries include a line of code that divides a secret numerator by a public denominator, the number of CPU cycles for division in various environments varies depending on the...

7AI Score

2024-02-09 04:19 PM
2
malwarebytes

Ransomware in 2023 recap: 5 key takeaways

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of...

7.3AI Score

2024-02-09 03:52 PM
4
debian

[SECURITY] [DSA 5618-1] webkit2gtk security update

Debian Security Advisory DSA-5618-1 [email protected] https://www.debian.org/security/ Alberto Garcia February 08, 2024 https://www.debian.org/security/faq Package : webkit2gtk CVE ID : CVE-2024-23206 CVE-2024-23213...

8.8CVSS

7.7AI Score

0.001EPSS

2024-02-08 11:24 PM
9
wallarmlab

avro vs protobuf

A Kickoff Discussion on Core Aspects of Avro & Protobuf When deliberating on the subject of data structure encoding, a tandem of tools frequently emerges in technical discussions: Avro and Protobuf. Originating from a vision of precise data compression, the distinguishable features and...

6.9AI Score

2024-02-08 11:19 AM
10
debian

[SECURITY] [DSA 5617-1] chromium security update

Debian Security Advisory DSA-5617-1 [email protected] https://www.debian.org/security/ Andres Salomon February 08, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-1283 CVE-2024-1284...

9.8CVSS

7.8AI Score

0.001EPSS

2024-02-08 09:36 AM
5
openvas

phpMyFAQ < 3.2.5 Multiple Vulnerabilities

phpMyFAQ is prone to multiple...

7AI Score

0.001EPSS

2024-02-06 12:00 AM
2
debian

[SECURITY] [DSA 5616-1] ruby-sanitize security update

Debian Security Advisory DSA-5616-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 05, 2024 https://www.debian.org/security/faq Package : ruby-sanitize CVE ID : CVE-2023-36823 It was...

6.1CVSS

6.6AI Score

0.001EPSS

2024-02-05 09:54 PM
2
osv

CVE-2024-24574

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version...

7.1AI Score

0.001EPSS

2024-02-05 09:15 PM
7
cve

CVE-2024-24574

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version...

6.1CVSS

7.4AI Score

0.001EPSS

2024-02-05 09:15 PM
15
osv

CVE-2024-22208

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...

7.1AI Score

0.0005EPSS

2024-02-05 09:15 PM
2
cve

CVE-2024-22208

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...

6.5CVSS

7.4AI Score

0.0005EPSS

2024-02-05 09:15 PM
16
prion

Design/Logic Flaw

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version...

6.1CVSS

7.4AI Score

0.001EPSS

2024-02-05 09:15 PM
3
prion

Design/Logic Flaw

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...

6.5CVSS

7.4AI Score

0.0005EPSS

2024-02-05 09:15 PM
2
cvelist

CVE-2024-24574 phpMyFAQ vulnerable to stored XSS on attachments filename

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version...

7AI Score

0.001EPSS

2024-02-05 08:57 PM
cvelist

CVE-2024-22208 phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...

7AI Score

0.0005EPSS

2024-02-05 08:44 PM
github

phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes

Summary The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. Details The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality...

7.3AI Score

0.0005EPSS

2024-02-05 08:21 PM
7
osv

phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes

Summary The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. Details The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality...

7.3AI Score

0.0005EPSS

2024-02-05 08:21 PM
1
cve

CVE-2024-22202

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't....

6.5CVSS

7.1AI Score

0.0005EPSS

2024-02-05 08:15 PM
17
osv

CVE-2024-22202

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't....

6.8AI Score

0.0005EPSS

2024-02-05 08:15 PM
4
prion

Design/Logic Flaw

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't....

6.5CVSS

7AI Score

0.0005EPSS

2024-02-05 08:15 PM
2
cvelist

CVE-2024-22202 User Removal Page Allows Spoofing Of User Details

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't....

6.7AI Score

0.0005EPSS

2024-02-05 07:39 PM
freebsd

phpmyfaq -- multiple vulnerabilities

phpMyFAQ team reports: phpMyFAQ doesn't implement sufficient checks to avoid XSS when storing on attachments filenames. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets....

6.6AI Score

2024-02-05 12:00 AM
2
debian

[SECURITY] [DSA 5615-1] runc security update

Debian Security Advisory DSA-5615-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 04, 2024 https://www.debian.org/security/faq Package : runc CVE ID : CVE-2024-21626 It was discovered...

8.6CVSS

6.9AI Score

0.051EPSS

2024-02-04 06:54 PM
7
debian

[SECURITY] [DSA 5614-1] zbar security update

Debian Security Advisory DSA-5614-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 03, 2024 https://www.debian.org/security/faq Package : zbar CVE ID : CVE-2023-40889 CVE-2023-40890 Debian...

9.8CVSS

8.1AI Score

0.001EPSS

2024-02-03 05:00 PM
4
Total number of security vulnerabilities: 19863